Fiber Home Routers are in Big Trouble.

  • The management interface leaks device details if accessed from a browser with JavaScript disabled. One of the leaked details is the device’s MAC address.
  • A backdoor mechanism allows an attacker to use the device’s MAC address to initiate a Telnet connection to the router by sending a specially crafted HTTPS request [https://[ip]/telnet?enable=0&key=calculated(BR0_MAC)].
  • Passwords and authentication cookies for the admin panel are stored in clear text in HTTP logs.
  • The management interface is secured through a hardcoded SSL certificate stored on the device that can be downloaded and used for MitM and other attacks.
  • The web server (management panel) includes a list of 22 hardcoded credentials, which Kim believes were added and in use by different internet service providers.
  • The firmware also includes hardcoded credentials for managing the device via the TR-069 protocol.
  • There are also credentials in the web server binary that are encrypted. However, the XOR key to decrypt them is also in the binary, rendering their encryption useless. As Kim notes, this is the same XOR key used in the firmware of C-Data devices, also impacted by similar backdoor issues.
  • A hardcoded root password for a Telnet server is also included. This server is disabled by default, though.
  • The firmware also includes different sets of hardcoded credentials for a low-level Telnet account. Kim found four.
  • A privilege escalation vulnerability in the Telnet daemon allows attackers to escalate their privileges to root level.
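
A detection sketch for the Telnet-enabling request in the second item above, added here as an example and not taken from the original write-up or from any vendor code. It assumes access logs in a common/combined-style layout (from the device or from a proxy in front of its management interface); the function name, log layout and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed log layout (common/combined access-log style); adjust the regex
# to whatever the device or the proxy in front of it actually writes.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_telnet_toggle_requests(lines):
    """Return one finding per request to /telnet carrying enable= and key=."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed layout
        url = urlsplit(m.group("target"))
        # Tolerate a trailing slash and case differences in the path.
        if url.path.rstrip("/").lower() != "/telnet":
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if "enable" not in params or "key" not in params:
            continue
        findings.append({
            "src": m.group("src"),
            "time": m.group("ts"),
            "enable": params["enable"][0],
            "status": int(m.group("status")),
            # The key acts as a credential, so only its length is reported.
            "key_len": len(params["key"][0]),
        })
    return findings

# Constructed sample lines (documentation address ranges, placeholder key).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2021:10:00:05 +0000] "GET /telnet?enable=0&key=PLACEHOLDER HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Jan/2021:10:00:09 +0000] "GET /telnet.css HTTP/1.1" 404 0',
    '203.0.113.4 - - [01/Jan/2021:10:00:12 +0000] "GET /Telnet/?key=PLACEHOLDER&enable=1 HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for finding in find_telnet_toggle_requests(SAMPLE_LOG):
        print(finding)
```

Because the same list notes that passwords and cookies end up in HTTP logs in clear text, the finding records only the key's length so the alert does not become another copy of the secret.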

First they begin with Us..

SLIIT CS2
